Lucene search
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.MEDIAWIKI_1_23_4.NASLHistoryOct 06, 2014 - 12:00 a.m.
MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS
2014-10-0600:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
18
According to its version number, the MediaWiki application running on the remote host is affected by an input validation error related to SVG file upload handling and CSS content filtering that can lead to cross-site scripting (XSS) attacks.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78063);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2014-7199");
script_bugtraq_id(70153);
script_name(english:"MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by a
cross-site scripting vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its version number, the MediaWiki application running on
the remote host is affected by an input validation error related to
SVG file upload handling and CSS content filtering that can lead to
cross-site scripting (XSS) attacks.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
# https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?30d6ff9d");
script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.19");
script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.11");
script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.4");
script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T71008");
script_set_attribute(attribute:"solution", value:
"Upgrade to MediaWiki version 1.19.19 / 1.22.11 / 1.23.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/06");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");
script_dependencies("mediawiki_detect.nasl");
script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
app = "MediaWiki";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port,
exit_if_unknown_ver : TRUE
);
version = install['version'];
install_url = build_url(qs:install['path'], port:port);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if (
version =~ "^1\.19\.(\d|1[0-8])([^0-9]|$)" ||
version =~ "^1\.22\.(\d|10)([^0-9]|$)" ||
version =~ "^1\.23\.[0-3]([^0-9]|$)"
)
{
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
if (report_verbosity > 0)
{
report =
'\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed versions : 1.19.19 / 1.22.11 / 1.23.4' +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Related
prion
prion
Cross site scripting
2014-09-30 14:55:00
fedora
fedora
[SECURITY] Fedora 21 Update: mediawiki-1.23.4-1.fc21
2014-10-01 04:22:02
[SECURITY] Fedora 20 Update: mediawiki-1.23.4-1.fc20
2014-10-06 05:05:28
[SECURITY] Fedora 19 Update: mediawiki-1.23.4-1.fc19
2014-10-06 05:04:38
nessus
nessus
Fedora 19 : mediawiki-1.23.4-1.fc19 (2014-11582)
2014-10-06 00:00:00
Fedora 20 : mediawiki-1.23.4-1.fc20 (2014-11727)
2014-10-06 00:00:00
Fedora 21 : mediawiki-1.23.4-1.fc21 (2014-11717)
2014-10-01 00:00:00
debiancve
debiancve
CVE-2014-7199
2014-09-30 14:55:00
archlinux
archlinux
mediawiki: Cross-site Scripting (XSS)
2014-09-29 00:00:00
mediawiki: multiple issues
2015-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-7199
2014-09-30 00:00:00
openvas
openvas
MediaWiki 'SVG File' Cross Site Scripting Vulnerability - Linux
2015-11-26 00:00:00
Debian Security Advisory DSA 3036-1 (mediawiki - security update)
2014-10-01 00:00:00
Debian: Security Advisory (DSA-3036-1)
2014-10-01 00:00:00
cve
cve
CVE-2014-7199
2014-09-30 14:55:00
mageia
mageia
Updated mediawiki packages fix security vulnerbilities
2014-10-07 13:22:51
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00
Related for MEDIAWIKI_1_23_4.NASL